Begin working on profile

beaver-dev · beaver-dev · commit f54a1a745f7d · 2016-02-19T23:39:01.000+01:00
diff --git a/featherbb/Controller/Admin/Groups.php b/featherbb/Controller/Admin/Groups.php
@@ -99,7 +99,7 @@ public function addedit($req, $res, $args)
 
         // Add/edit a group (stage 2)
         if (Input::post('add_edit_group')) {
-            $this->model->add_edit_group($groups);
+            return $this->model->add_edit_group($groups);
         }
 
         // Add/edit a group (stage 1)
diff --git a/featherbb/Controller/Auth.php b/featherbb/Controller/Auth.php
@@ -57,7 +57,6 @@ public function login($req, $res, $args)
 
                     $jwt = ModelAuth::generate_jwt($user, $expire);
                     ModelAuth::feather_setcookie('Bearer '.$jwt, $expire);
-                    // ModelAuth::feather_setcookie($user->id, $form_password_hash, $expire);
 
                     return Router::redirect(Router::pathFor('home'), __('Login redirect'));
                 } else {
diff --git a/featherbb/Controller/Profile.php b/featherbb/Controller/Profile.php
@@ -85,7 +85,7 @@ public function display($req, $res, $args)
                                     throw new Error(__('No permission'), 403);
             }
 
-            $this->model->update_profile($args['id'], $info, $args['section']);
+            return $this->model->update_profile($args['id'], $info, $args['section']);
         }
 
         $user = $this->model->get_user_info($args['id']);
@@ -255,7 +255,11 @@ public function action($req, $res, $args)
         }
 
         if ($args['action'] == 'change_pass') {
-            $this->model->change_pass($args['id']);
+            if (Request::isPost()) {
+                // TODO: Check if security "if (Container::get('user')->id != $id)" (l.58 of Model/Profile) isn't bypassed
+                // FOR ALL chained if below
+                return $this->model->change_pass($args['id']);
+            }
 
             View::setPageInfo(array(
                 'title' => array(Utils::escape(ForumSettings::get('o_board_title')), __('Profile'), __('Change pass')),
@@ -268,7 +272,9 @@ public function action($req, $res, $args)
             View::addTemplate('profile/change_pass.php')->display();
 
         } elseif ($args['action'] == 'change_email') {
-            $this->model->change_email($args['id']);
+            if (Request::isPost()) {
+                return $this->model->change_email($args['id']);
+            }
 
             View::setPageInfo(array(
                 'title' => array(Utils::escape(ForumSettings::get('o_board_title')), __('Profile'), __('Change email')),
@@ -290,7 +296,7 @@ public function action($req, $res, $args)
             }
 
             if (Request::isPost()) {
-                $this->model->upload_avatar($args['id'], $_FILES);
+                return $this->model->upload_avatar($args['id'], $_FILES);
             }
 
             View::setPageInfo(array(
diff --git a/featherbb/Model/Login.php b/featherbb/Model/Login.php
@@ -15,14 +15,10 @@
 use FeatherBB\Core\Track;
 use FeatherBB\Core\Url;
 use FeatherBB\Core\Utils;
+use FeatherBB\Model\Auth as AuthModel;
 
 class Login
 {
-    public function __construct()
-    {
-        $this->auth = new \FeatherBB\Model\Auth();
-    }
-
     public function login()
     {
         Container::get('hooks')->fire('model.login.login_start');
@@ -73,7 +69,9 @@ public function login()
 
         $expire = ($save_pass == '1') ? time() + 1209600 : time() + ForumSettings::get('o_timeout_visit');
         $expire = Container::get('hooks')->fire('model.login.expire_login', $expire);
-        $this->auth->feather_setcookie($user->id, $form_password_hash, $expire);
+
+        $jwt = AuthModel::generate_jwt($user, $expire);
+        AuthModel::feather_setcookie('Bearer '.$jwt, $expire);
 
         // Reset tracked topics
         Track:: set_tracked_topics(null);
@@ -109,7 +107,7 @@ public function logout($id, $token)
 
         Container::get('hooks')->fire('model.login.logout_end');
 
-        $this->auth->feather_setcookie(1, Random::hash(uniqid(rand(), true)), time() + 31536000);
+        AuthModel::feather_setcookie('Bearer ', time() + 31536000);
 
         return Router::redirect(Router::pathFor('home'), __('Logout redirect'));
     }
diff --git a/featherbb/Model/Profile.php b/featherbb/Model/Profile.php
@@ -14,13 +14,10 @@
 use FeatherBB\Core\Random;
 use FeatherBB\Core\Url;
 use FeatherBB\Core\Utils;
+use FeatherBB\Model\Auth as AuthModel;
 
 class Profile
 {
-    public function __construct()
-    {
-        $this->auth = new \FeatherBB\Model\Auth();
-    }
 
     public function change_pass($id)
     {
@@ -127,7 +124,9 @@ public function change_pass($id)
             $update_password = $update_password->save();
 
             if (Container::get('user')->id == $id) {
-                $this->auth->feather_setcookie(Container::get('user')->id, $new_password_hash, time() + ForumSettings::get('o_timeout_visit'));
+                $expire = time() + ForumSettings::get('o_timeout_visit');
+                $jwt = AuthModel::generate_jwt(Container::get('user'), $expire);
+                AuthModel::feather_setcookie('Bearer '.$jwt, $expire);
             }
 
             Container::get('hooks')->fire('model.profile.change_pass');

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ public function addedit($req, $res, $args)`
`99`	`99`
`100`	`100`	`// Add/edit a group (stage 2)`
`101`	`101`	`if (Input::post('add_edit_group')) {`
`102`		`- $this->model->add_edit_group($groups);`
	`102`	`+ return $this->model->add_edit_group($groups);`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`// Add/edit a group (stage 1)`